Supply Chain Risk Management Copes with Evolving Threats
At the Sixteenth Annual ARC World Industry Forum, held last month in Orlando, Florida, a number of high-level industry speakers addressed the meeting topic of “Transforming Industry through New Processes and Technologies.”
One of them was John D’Andrea, Dell’s Director, Global Supply Chain and Fulfillment, who presented a keynote on Supply Chain Integrity. Based on his presentation, we asked D’Andrea some questions about the timely topic of supply chain risk management. Here are his responses.
DMR: Why is a supply chain risk management program important? And is it just for large manufacturers like Dell, or should small- to medium-sized manufacturers (SMMs) be addressing these issues as well?
D’Andrea: Dell believes that having a robust supply chain risk management (SCRM) program is essential to taking care of your customers, regardless of the size of the manufacturer. Globally, people and corporations are becoming more dependent on IT solutions—customers value confidentiality, integrity, and availability (known as the CIA Triad of Information Security) of their data more than ever.
DMR: Are we seeing an escalation in threats to the supply chain, and, if so, how can they be dealt with?
D’Andrea: Threats will continue to evolve and change over time, based on the needs or perceptions of the customers, the competitive landscape, the environment, and the marketplace. In the IT industry, the threats are increasing in number and severity due to the globalization of the supply chain as well as the nature of the products we sell. The best way to deal with those threats is to use a strategy of defense in breadth and depth. This involves having layers of protections in place throughout the supply chain (from component manufacturers through customer delivery) and the life cycle of the product (from design and development through delivery, service and support).
DMR: What are the main elements of a supply chain risk management program?
D’Andrea: This includes SCRM Framework and Governance. For example:
- There are many industry-recognized guidelines for developing SCRM programs that can be leveraged (ISO, NIST, C-TPAT, etc.).
- An SCRM program needs to consider many types of threats (natural disasters, labor issues, socio-economic conditions, supplier reliability, etc.).
- The framework needs to be a closed feedback loop and should be repeatable, predictable, and understood.
- All three components of a strong supply chain security program (physical, personnel/human, and cyber/information) need to be considered throughout the process.
Risk Assessment Cycle
- The basic steps in a risk management cycle are Define, Assess & Prioritize, Respond, and Monitor.
- Risk is the product of the threat, the impact, the likelihood, and the vulnerabilities. By quantifying risks, you can prioritize resources to protect your supply chain where it matters most.
- For each high-priority risk you should develop alternative courses of action, evaluate them, choose the appropriate response within your risk tolerance, and implement the response. The effectiveness of the response should be reviewed and the prioritization should reflect the changes. There are several ways to respond to risks: accept or extenuate the risk, mitigate the risk (by reducing or eliminating the threat, vulnerability, impact, and/or likelihood), share the risk, transfer the risk, or avoid the risk.
DMR: What is a segmented supply chain and what are its advantages?
D’Andrea: A segmented supply chain acknowledges that customers are different and that one size does not fit all when it comes to supply chain effectiveness. The supply chain for a mass-produced consumer laptop configuration should not necessarily be the same supply chain used for unique or sensitive laptop configurations. This approach allows for each type of customer to be advantaged by only paying for what he or she wants. It allows a customer to select the right mixture of features, price, and lead time to meet his or her needs.
The customer should be the focus of the program. SCRM is a process, not a one-time event. It requires structure and accountability to ensure that appropriate policies are in place and that the “police force” is effective. It requires an understanding of the customer perspective as well as an understanding of your entire supply chain. It is not perfect, but it can help you minimize the impact to your customers, allows you to make & keep promises to your customers, enables you to compete in the marketplace, and it gives you the opportunity to delight customers, earning their trust and loyalty.
DMR: Specifically, what is Dell doing to promote an awareness of supply chain risk management to its customers and supply chain partners?
D’Andrea: Dell has a history of passing its supply chain knowledge to customers through open dialogue. In February 2012, Dell launched its first organized program for customers to learn directly from Dell about supply chain best practices. The Dell Supply Chain Management Institute in China will be an ongoing, three-day workshop for manufacturing and supply chain executives that will leverage both Dell and top academic experts to improve the knowledge base of our customers, ultimately contributing to their success.